This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated pam_smb packages are now available which fix a security
vulnerability (buffer overflow).
The pam_smb module is a pluggable authentication module (PAM) used to
authenticate users using an external Server Message Block (SMB)
A buffer overflow vulnerability has been found that affects unpatched
versions of pam_smb up to and including 1.1.6.
On systems that use pam_smb and are configured to authenticate a
remotely accessible service, an attacker can exploit this bug and
remotely execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2003-0686
to this issue.
Red Hat Enterprise Linux contains a version of pam_smb that is
vulnerable to this issue, however pam_smb is not enabled by default.
Users of pam_smb are advised to upgrade to these erratum packages,
which contain a patch to version 1.1.6 to correct this issue.
Red Hat would like to thank Dave Airlie of the Samba team for
notifying us of this issue.
See also :
Update the affected pam_smb package.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12417 ()
Bugtraq ID: 8491
CVE ID: CVE-2003-0686
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.